The best laid plans of mice and men

Author Gary Hibberd

It’s no good saying “we’ll cross that bridge when we come to it.” Because the bridge may be gone.

Basically, will your business be open when your customers expect it?

Hope for the best

When our business is open and making money we are happy. When things are going well we are happy. We like being happy. We never think things can go wrong. I mean, what could go wrong? That would never happen to me. Right? So what can you do about it? You can plan!

Plan for the worst

In life and in business things can go wrong. For example, just look at the weather. You can’t control the weather, but you can build an effective response to it. Here are some simple things to think about:

Top 5 Tips for Planning for the Worst

Have a look around outside where you work

Have a really good look. Is there anything there that could impact you? Are you near a river? In a flood risk area? Near a potential terrorist target? In a town centre? At the end of a road? On an industrial estate with only 1 access road?

Have a look inside where you work

Where are the things that are important to you? Where are the confidential paper files? Where is the server that the business relies on? Can you work if you can’t get to them? Or if they get water damaged? Or stolen?

Speak to your colleagues

Speak to your staff about how they get to work and think about what could impact them. The office may be on high ground, but if your staff are flooded at home, do you think they will come into work? Do you have up-to-date contact details for everyone? How are you going to tell them if the business is closed?

Speak to your suppliers

We do rely a lot on other people to help make our business work. If things go wrong for them, will they still be able to give you what you need? If not, how will that affect you? Will it cost you money? Could it put you out of business?

Expect the unexpected

The bottom line is that ‘bad things happen’. You can’t plan for everything, but you can plan for anything. Assess the risks and consider what you will do when things go wrong.

ISO 27001 and practical advice and guidance

ISO 27001 is the international standard for information security. It describes an information security management system. Part of it looks at how we would plan for the worst. It looks at managing in a crisis and managing in a disaster, and gives some great pointers on what a business should be doing. It is a great place to start for practical advice and guidance.

ISO 27001 Section 11 Physical and Environmental Security

The ISO 27001 standard covers Physical and Environmental Security in section 11. There are a number of sub-clauses that all go towards meeting the objective, which is to prevent unauthorised physical access, damage and interference. The control objective is that physical protection against natural disasters, malicious attack or accidents shall be designed and applied. Common sense really.

A.17 Information security aspects of business continuity management

The main part of the ISO 27001 information security standard that applies to managing a disaster is section A.17, which looks at business continuity management. There are two sub-sections:

A.17.1 Information security continuity

Objective: Information security continuity shall be embedded in the organisation’s business continuity management systems.
A.17.1.1 Planning information security continuity
The business shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster.
A.17.1.2 Implementing information security continuity
The business shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation.
A.17.1.3 Verify, review and evaluate information security continuity
The business shall verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations.

A.17.2 Redundancies

Objective: To ensure availability of information processing facilities.
A.17.2.1 Availability of information processing facilities
Information processing facilities shall be implemented with redundancy sufficient to meet availability requirements.

ISO 27001 Policy Document Business Continuity

Having an ISO 27001 policy document that covers how you will plan for when things go wrong is ideal. Implementing ISO 27001 and gaining ISO 27001 certification is becoming a must-have for business. ISO 27001 certification is quick, simple and affordable, and we are here to provide you with the essential protection of your data in a low-impact, pain-free approach.

Speak to a member of the team now on

03455 760 999

We would love to help you, ask for Gary:

 
